F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Access Policy Manager: Implementing Zero Trust with Per-Request Policies
  3. Forward Proxy Chaining Per Request
  4. Overview: Simple forward proxy chaining example
  5. Configuring a per-request policy to select the next hop
Manual Chapter : Configuring a per-request policy to select the next hop

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.5.0, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Manual Chapter

Configuring a per-request policy to select the next hop

Before you start, you must have configured a pool of proxy servers that all support the same forward proxy mode: explicit or transparent. (Create pools using
Local Traffic
Pools
.)
You create a per-request policy that uses a Proxy Select agent to select the next hop in a forward proxy chain.
If you include
SSL Intercept
 or
SSL Bypass
 agents in the policy, be sure to place them before other agents.
  1. On the Main tab, click
    Access
    Profiles / Policies
    Per-Request Policies
    .
    The Per-Request Policies screen opens.
  2. To create a new per-request policy, click
    Create
    , type a name that is unique among all access profiles and per-request policies, select the accepted languages, and click
    Finished
    .
    The Per-Request Policies screen displays the new per-request policy.
  3. In the
    Name
     field, locate the policy that you want to update, then in the
    Per-Request Policy
     field, click the
    Edit
     link.
    The visual policy editor opens in another tab.
  4. On a policy branch, click the
    (+)
     icon to add an item to the policy.
    The actions you can use for building a per-request policy are displayed on a popup screen with actions on tabs, such as Authentication, Classification, and General Purpose, and a search field.
  5. On the Traffic Management tab, select
    Proxy Select
     and click
    Add Item
    .
    A Properties popup screen opens.
  6. From the
    Pool
     list, select a pool of one or more proxy servers to serve as the next hop.
    All proxy servers in the pool that you select must support the forward proxy mode that you specify in the
    Upstream Proxy Mode
     setting.
  7. From
    Upstream Proxy Mode
    , select:
    • Explicit
       if the proxy servers in the pool support explicit forward proxy.
    • Transparent
       if the proxy servers in the pool support transparent forward proxy.
  8. For
    Username
     and
    Password
    , most of the time you can retain the default values (blank).
    These fields support the use of static credentials to authenticate the user at the next hop using HTTP Basic authentication.
  9. Click
    Save
    .
    The properties screen closes. The visual policy editor displays.
Be sure to add a disabled HTTP Connect Profile to the virtual server that processes SSL traffic for the forward proxy configuration.
A per-request policy is not in effect unless it and an access profile are specified in virtual servers in the forward proxy configuration.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information